allowed_actions is now only allowed to reference public methods defined
on the same Controller as the allowed_actions static, and
the wildcard "*" has been deprecated
Controller (and subclasses) failed to enforce $allowed_action restrictions
on parent classes if a child class didn't have it explicitly defined.
Controllers which are extended with $allowed_actions (through an Extension)
now deny access to methods defined on the controller, unless this class also has them in its own
$allowed_actions definition.
Controller (and subclasses) failed to enforce $allowed_action restrictions
on parent classes if a child class didn't have it explicitly defined.
Controllers which are extended with $allowed_actions (through an Extension)
now deny access to methods defined on the controller, unless this class also has them in its own
$allowed_actions definition.
Shortcodes have traditionally had a problem that they are inside <p> tags,
but generate block level elements. This breaks HTML compliance.
This makes the shortcode parser now mutate the DOM based on the "class" attribute on
the shortcode to insert the generated block level element at the right place in the DOM
- for "left" and "right" elements it puts them just before the block level
element they are inside
- for "leftAlone" and "center" elements it splits the DOM around the shortcode.
The trade off is that shortcodes are no longer "text level" features. They need
knowledge of the HTML they are in to perform this transformation, so they can
only be used in (valid) HTML
The _ss_environment.php file can now be in any parent folder of the framework (according to realpath())
Removing the description of '3 levels deep' and replaced with explanation of infinite depth.
- Avoid using "if" to check for file existence (use try_files instead)
- Replicate the behavior of the .htaccess files
- TODO: get static error pages to work
- Avoid using "if" to check for file existence (use try_files instead)
- Replicate the behavior of the .htaccess files
- TODO: get static error pages to work
Title in CMS is set using header X-Title. But UTF-8 characters can't be used in HTTP headers. So the title should be encoded just before sending X-Title header and decoded before setting HTML document title (fixes#7942).
In 3.0 there was some confusion about whether DataLists and ArrayLists
were mutable or not. If DataLists were immutable, they'd return the result, and your code
would look like
$list = $list->filter(....);
If DataLists were mutable, they'd operate on themselves, returning nothing, and your code
would look like
$list->filter(....);
This makes all DataLists and ArrayList immutable for all _searching_ operations.
Operations on DataList that modify the underlying SQL data store remain mutating.
- These functions no longer mutate the existing object, and if you do not capture the value
returned by them will have no effect:
ArrayList#reverse
ArrayList#sort
ArrayList#filter
ArrayList#exclude
DataList#dataQuery (use DataList#alterDataQuery to modify dataQuery in a safe manner)
DataList#where
DataList#limit
DataList#sort
DataList#addFilter
DataList#applyFilterContext
DataList#innerJoin
DataList#leftJoin
DataList#find
DataList#byIDs
DataList#reverse
- DataList#setDataQueryParam has been added as syntactic sugar around the most common
cause of accessing the dataQuery directly - setting query parameters
- RelationList#setForeignID has been removed. Always use RelationList#forForeignID
when querying, and overload RelationList#foreignIDList when subclassing.
- Relatedly,the protected variable RelationList->foreignID has been removed, as the ID is
now stored on a query parameter. Use RelationList#getForeignID to read it.
Session is not initialized by the time we need to use
the setting in DB::connect(). Cookie values get initialized
automatically for each request.
Tightened name format validation to ensure it can only
be used for temporary databases, rather than switching
the browser session to a different production database.
Encrypting token for secure cookie usage.
Added dev/generatesecuretoken to generate this token.
Not storing in YML config directly because of web access issues.
Introduces the concept of action tabsets - usage of TabSet and Tabs
in between the action buttons to allow richer set of capabilities that
can be offered to the user.
Goes along with c8d0cdec99c95dbed3b58ebcc098cc9d22c58206 that implements
a change to the CMS actions.
Enables more generic use of the fixture facilities
without dependency on the YAML format, for example
when creating fixtures from Behat step definitions.
Note: The YamlFixture class needs to be created via
Injector::inst()->create('YamlFixture') now,
direct instantiation is no longer supported.
Composer examples at http://getcomposer.org/doc/00-intro.md use
/usr/local/bin for installing Composer globally, so let's use that
path as well instead of /usr/bin.
It is now possible to change the threeColumnLayout width options for the
columns via entwine property LayoutOptions and accessor methods.
Thanks @robert-h-curry, @clarkepaul for contributing!
Reusable feature for making CMS buttons that respond to the current
contextual state with an appearance change.
Provides capability to specify initial state, alternate icon and
alternate text via data attributes or options (PHP or JS), and to hook
up into events triggered when the state is alternating.
This is used by the follow-up cms action buttons cleanup work.
- Moved some docs around to reflect this change
- Described how to symlink from vendor/bin/phpunit
- Added note about browser-runs not being recommended
- Added more examples on how to run through "sake",
to complement the existing descriptions for "phpunit"
- Added an example on how to setup a controller with a form
- Notice about adding form methods to $allowed_actions
- Using the FormField::create() in all examples
- Corrected some errors in the examples that did not work
- Aligned docs to use 120 chars lines
Fixed broken links. Hash links were not working. I don’t know how to hide heading-anchor-link links. Tried to correct some layout errors (code quotes).
I replaced the subclassing example by one using a DataExtension. This
is the preferred way to add extra functionality to the Image class. You
can now add any existing image from the assets section instead of only
those belonging to the subclass.
Added a warning not to use has_many relations, because the UploadField
doesn't fully support them.
Documentation for the uploadfield. Only the implementation in the CMS
is documented, as the field doesn't seem to fully support being used in
the frontend just yet.
This is a measure to support form fields and controllers
interacting with files in different contexts,
for example an UploadField used in a ModelAdmin,
or a website frontend. The check for 'CMS_ACCESS_AssetAdmin'
was too restricting. This wasn't a problem in 2.x simply because
the old FileField/Upload classes didn't respect File->can*()
permissions.
In locales other than en_US, as a result of missing jQuery locale
files, the DatePicker defaulted to English whenever day and monthnames
were used, breaking validation. Needed to change official locale files
before adding, because Zend_Date and jQuery day/monthnames not matching
again breaks validation.
Removed hard setting the names to uppercase, breaking validation for
other locales
Changed order in convert_iso_to_jquery_format(), to prevent EEE(E)
settings from being overwritten
Added a check for existing locale files, and made DatePicker fallback
to ISO yyy-MM-dd if a missing locale file would otherwise break
validation.
Added documentation for the DateField
The current guides have a few areas where they recommend an approach that is more complex than what most people take.
- Rebase straight onto upsteam/msaster
- Force push a rebased branch
I also fixed the conflict resolution help to be relevant to rebase commands, and kept the push instruction out of the rebase instruction.
I don't know what that release candidate branch stuff is, but:
* I've never seen any of the core team do it
* I think it's overkill for most patches
* I think it's being too prescriptive: if contributors want to do that, that's cool, but it doesn't affect the core team.
* It makes our contributing guidelines more complex than they need to be.
The guidelines for contributing code were scattered across a section of contributing.md and collaboration-on-git.md. I've updated this to have separate contributing/code.md page with all the content in a single cohesive page. We also have contributing/documentation.md, contributing/issues.md and contributing/translation.md.